Blog Posts Tagged with "Code Review"


To “Open Source” or “Not to Open Source”

July 27, 2012 Added by:Andrew Sanicola

Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...

Comments  (0)


What’s Going Right with Your Secure Development Efforts?

May 04, 2012 Added by:Fergal Glynn

Security professionals place developer’s code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?

Comments  (0)


Pitting Education Against Cyber Attacks

March 26, 2012 Added by:Frank Kim

In the relentless struggle to protect against cyber attacks, companies must identify vulnerabilities before hackers have an opportunity to exploit them. With software applications, a logical path to the early identification of vulnerabilities begins at the development stage...

Comments  (1)


Scanning Applications Faster - A Chicken vs. Egg Problem

October 09, 2011 Added by:Rafal Los

We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...

Comments  (0)


Web Application Attack and Audit Framework 1.0 Released

June 03, 2011 Added by:Headlines

"w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more..."

Comments  (0)


Think You Can’t Afford Code/App Testing? Think Again...

May 19, 2011 Added by:Brent Huston

Today, you have a plethora of code review automation tools and source code scanners. These tools make an easy way to pick the low hanging (and sometimes higher) vulnerabilities out of your code long before it is exposed to malicious outsider/insider contact...

Comments  (1)


Implementing Complex Systems for Testing Application Logic

March 07, 2011 Added by:Rafal Los

Creating a system or a testing framework which can appropriately enable a previously entirely manual process is tricky - and while fully automating the finding of logic flaws may still be beyond our reach the research and ideas presented herein are steps forward to that direction...

Comments  (0)


Software Security Assurance Psychology - The Legacy Code

March 04, 2011 Added by:Rafal Los

An application has been relied upon successfully for months or years (decades?), and now that the organization finally gave you access to it because they touched/modified one small component you've found a systemic bug which requires a large-scale effort to remediate. Herein lies the rub...

Comments  (0)


Application Vulnerabilities are Like Landmines

March 02, 2011 Added by:Ron Lepofsky

Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...

Comments  (0)


Top 5 Ridiculous Hacking Scenes in Movies

November 03, 2010 Added by:Bozidar Spirovski

Like any technology-fed phenomenon with increasing public exposure, hacking is often ill-conceived and exaggerated in movie scenes. The following are five of the most implausible and amusing scenes that have resulted from this approach to hacker depiction in movies...

Comments  (13)


How Do You Know That Your Software Is Secure?

August 17, 2010 Added by:PCI Guru

Software is everywhere these days, and is in almost everything from flat panel televisions to furnaces. As more devices get connected to networks, the risk that backdoors or sleeper code will be used to obtain surreptitious access to these devices increases...

Comments  (0)


PCI DSS and Code Reviews

August 02, 2010 Added by:PCI Guru

Requirement 6.6 of the PCI DSS discusses the concept of code reviews or the implementation of an application firewall to protect Internet facing applications...

Comments  (4)